Hack This Site: Javascript Mission – Level 4

Hack This Site Javascript Mission Level 4

Introduction

Hello there internet and welcome to HaXeZ where today we will be solving Hack This Site Javascript Mission 4. This mission is a little deceptive due to the way that the Javascript is written. To put it another way, this mission intentionally tries to trick you into thinking the value of a variable is something else. However, our keen attention to detail is enough to complete the mission.

Javascript Mission 4
Javascript Mission 4

The Mission

The mission is called Var which we can deduce means we’re going to be working with variables again. As can be seen from the image below, the message reads “Faith is trying to trick you… she knows that you’re tired after all the math works”. To sum up, Faith is going to going to attempt some shinanigans to prevent us from completing this mission. We can test the form with random data to see what happens but as expected, we just get an alert informing us that it is incorrect.

The Mission
The Mission

The Javascript

If we inspect the page we can see the script that is powering the functionality. This is where the first deception comes in. If you view the page source instead of inspecting the element, you may not notice that the first variable is being set. The image below shows that the first variable is being set on the far right. It’s probably a bit to small to see though.

Hidden moo
Hidden moo

However, if we inspect the script you will see that at the very start of the script, we can see that the value ‘moo‘ is being assigned to the variable ‘RawrRawr‘. Next, we can see that a function called ‘x‘ is being created where the value of ‘hack_this_site‘ is being added to the variable ‘+RawrRawr+‘. Then again, perhaps it isn’t. If we look at how the ‘moo‘ is being assigned to ‘RawrRawr‘ we only see one equal sign. In javascript, a double equals sign acts as an operator to compare two values so all that’s happening here is that ‘hack_this_site‘ is being compared to ‘RawrRawr‘.

The Javascript

The Solution

The value of ‘RawrRawr‘ is still moo, let’s see what the script does next. The script has an if statement that compares ‘x‘ to an empty value between two speech marks plus the value of ‘RawrRawr‘. So in essence, the script is checking the value of ‘x‘ against nothing plus ‘moo‘ as ‘moo‘ was set earlier. Therefore, the password to complete the mission should be moo. Input that in to the box and click submit to score.

The Solution
The Solution
%d bloggers like this: